trixie triage

Moritz Muehlenhoff (@jmm) Tue, 04 Nov 2025 01:50:21 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
667be635 by Moritz Muehlenhoff at 2025-11-04T10:49:51+01:00
bookworm/trixie triage

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,6 @@
 CVE-2025-11563
        - curl <unfixed>
+       [trixie] - curl <no-dsa> (Minor issue)
        [bookworm] - curl <not-affected> (Vulnerable code not present)
        [bullseye] - curl <not-affected> (Vulnerable code not present)
        NOTE: Introduced with: 
https://github.com/curl/wcurl/commit/e01d578582a23695ee3cec08a2bff29d61a0bfb4 
(v2024.12.08)
@@ -617,6 +618,7 @@ CVE-2025-10487 (The Advanced Ads \u2013Ad Manager & AdSense 
plugin for WordPress
        NOT-FOR-US: WordPress plugin
 CVE-2025-12464 (A stack-based buffer overflow was found in the QEMU e1000 
network devi ...)
        - qemu <unfixed> (bug #1119917)
+       [trixie] - qemu <no-dsa> (Minor issue)
        [bookworm] - qemu <not-affected> (Vulnerable code introduced later)
        [bullseye] - qemu <not-affected> (Vulnerable code introduced later)
        NOTE: https://gitlab.com/qemu-project/qemu/-/issues/3043
@@ -16396,7 +16398,7 @@ CVE-2022-50375 (In the Linux kernel, the following 
vulnerability has been resolv
        NOTE: 
https://git.kernel.org/linus/316ae95c175a7d770d1bfe4c011192712f57aa4a (6.1-rc1)
 CVE-2025-30187 (In some circumstances, when DNSdist is configured to use the 
nghttp2 l ...)
        - dnsdist 2.0.1-1 (bug #1115643)
-       [trixie] - dnsdist <no-dsa> (Minor issue)
+       [trixie] - dnsdist <no-dsa> (Minor issue, will be fixed via point 
release)
        [bookworm] - dnsdist <not-affected> (Vulnerable code not present)
        [bullseye] - dnsdist <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2025/09/18/1
@@ -54150,6 +54152,8 @@ CVE-2025-40633 (A Stored Cross-Site Scripting (XSS) 
vulnerability has been found
        NOT-FOR-US: Koibox
 CVE-2025-30193 (In some circumstances, when DNSdist is configured to allow an 
unlimite ...)
        - dnsdist 1.9.10-1 (bug #1106207)
+       [trixie] - dnsdist <no-dsa> (Minor issue, will be fixed via point 
release)
+       [bullseye] - dnsdist <end-of-life> (see #1119290)
        NOTE: 
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-03.html
        NOTE: https://github.com/PowerDNS/pdns/pull/15572
        NOTE: Fixed by: 
https://github.com/PowerDNS/pdns/commit/096c0fc0c015e80f815eb99aea1bc0eca28cb269
 (dnsdist-1.9.10)


=====================================
data/next-point-update.txt
=====================================
@@ -63,6 +63,8 @@ CVE-2025-62171
        [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u3
 CVE-2025-30187
        [trixie] - dnsdist 1.9.10-1+deb13u1
+CVE-2025-30193
+       [trixie] - dnsdist 1.9.10-1+deb13u1
 CVE-2025-9640
        [trixie] - samba 2:4.22.6+dfsg-0+deb13u1
 CVE-2025-10230



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/667be6359807ee48e3040e15200695620407b0fa

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/667be6359807ee48e3040e15200695620407b0fa
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bookworm/trixie triage

Reply via email to